Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Getting error when select "open with" while right click on a f


  • Please log in to reply

#1
saw8388

saw8388

    New Member

  • Member
  • Pip
  • 2 posts
Whenever i right click my files and select "open with", it comes up an error "this file does not have a program associated with it when choose default program". I had try alot of solutions and it still doesnt solve the problem. I had even try the registry method nor malware and spyware cleaning method but still din't help.I suspect it was some virus or trojan had infected my pc so i had try several antivirus or program to clean it but it still dint help at all.

Please reply as soon as possible !

Edited by saw8388, 02 November 2013 - 09:06 AM.

  • 0

Advertisements


#2
saw8388

saw8388

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

Whenever i right click my files and select "open with", it comes up an error "this file does not have a program associated with it when choose default program". I had try alot of solutions and it still doesnt solve the problem. I had even try the registry method nor malware and spyware cleaning method but still din't help.I suspect it was some virus or trojan had infected my pc so i had try several antivirus or program to clean it but it still dint help at all.

Please reply as soon as possible !


[ exehelperlog.txt ]

exeHelper by Raktor
Build 20100414
Run at 22:55:28 on 11/02/13
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--


[ OTL ]

OTL logfile created on: 11/2/2013 10:56:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Saw8388\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.89 Gb Total Physical Memory | 5.30 Gb Available Physical Memory | 67.22% Memory free
15.89 Gb Paging File | 13.07 Gb Available in Paging File | 82.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.45 Gb Total Space | 115.98 Gb Free Space | 41.50% Space Free | Partition Type: NTFS
Drive D: | 398.18 Gb Total Space | 44.97 Gb Free Space | 11.29% Space Free | Partition Type: NTFS

Computer Name: SAW | User Name: Saw8388 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/02 22:54:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Saw8388\Downloads\OTL.scr
PRC - [2013/10/03 14:03:07 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/10/01 20:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/09/23 10:31:26 | 000,224,192 | ---- | M] (360.cn) -- C:\Program Files (x86)\360\360safe\deepscan\ZhuDongFangYu.exe
PRC - [2013/09/05 17:54:16 | 000,884,144 | ---- | M] (360.cn) -- C:\Program Files (x86)\360\360safe\safemon\360tray.exe
PRC - [2013/08/03 09:09:24 | 028,057,256 | ---- | M] (Dropbox, Inc.) -- C:\Users\Saw8388\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/07/10 19:54:32 | 000,049,456 | ---- | M] () -- C:\Users\Saw8388\Garena Plus\ggdllhost.exe
PRC - [2013/05/19 20:57:49 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/04/03 21:44:08 | 004,288,048 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2013/03/14 01:03:04 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/02/26 02:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2013/02/26 02:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2013/02/26 01:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2012/11/05 15:02:52 | 001,436,160 | ---- | M] (Wyse Technology.) -- C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
PRC - [2012/10/31 12:09:50 | 000,020,352 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2012/10/23 16:25:06 | 002,744,960 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2012/08/04 07:31:12 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012/08/01 07:48:04 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2012/07/25 09:21:22 | 001,123,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2012/07/24 09:59:02 | 000,105,120 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2012/07/18 07:54:20 | 000,178,848 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012/07/18 05:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/18 05:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/07 02:23:40 | 000,322,208 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012/06/28 03:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/06/26 01:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/06/08 05:12:06 | 000,162,456 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2012/06/08 05:12:06 | 000,090,832 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012/05/29 01:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2012/04/17 05:45:38 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
PRC - [2012/04/17 02:55:02 | 000,648,512 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
PRC - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2011/11/22 05:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/09/09 05:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/03 14:03:05 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013/10/03 14:03:03 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 14:02:12 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
MOD - [2013/10/03 14:02:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libegl.dll
MOD - [2013/10/03 14:02:09 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2013/08/23 17:10:18 | 000,553,776 | ---- | M] () -- C:\Users\Saw8388\Garena Plus\ggspawn.dll
MOD - [2013/07/10 19:54:32 | 000,049,456 | ---- | M] () -- C:\Users\Saw8388\Garena Plus\ggdllhost.exe
MOD - [2013/04/03 21:44:08 | 004,288,048 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2013/03/14 04:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Saw8388\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/26 17:12:11 | 000,107,520 | ---- | M] () -- C:\Program Files (x86)\DAEMON Tools Pro\BRD.dll
MOD - [2012/11/14 07:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Saw8388\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/06/08 05:12:04 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2012/04/17 05:45:38 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
MOD - [2012/04/17 02:56:26 | 000,500,032 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
MOD - [2012/04/17 02:42:40 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll
MOD - [2012/04/17 02:41:50 | 000,484,864 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll
MOD - [2012/04/17 02:38:16 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll
MOD - [2011/08/18 07:48:24 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll
MOD - [2011/08/18 07:48:22 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll
MOD - [2011/08/18 07:41:36 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll
MOD - [2011/08/16 11:17:30 | 009,224,704 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtGui4.dll
MOD - [2011/08/16 11:15:44 | 000,382,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll
MOD - [2011/08/16 11:12:04 | 002,603,520 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll
MOD - [2011/08/16 11:12:04 | 001,006,592 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll
MOD - [2011/08/16 10:23:00 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll
MOD - [2011/07/20 07:05:40 | 014,978,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtWebKit4.dll
MOD - [2011/07/20 07:04:56 | 000,317,952 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\phonon4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/10/11 15:32:00 | 000,368,816 | ---- | M] (360.cn) [Auto | Running] -- C:\Program Files\360\360sd\360rps.exe -- (360rp)
SRV:64bit: - [2013/08/16 13:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/07/02 08:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/06/25 06:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 17:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/04 14:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 14:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/09 12:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/27 23:58:12 | 000,454,144 | -HS- | M] () [Auto | Running] -- C:\Program Files\KMSpico\Service_KMS.exe -- (Service KMSELDI)
SRV:64bit: - [2013/03/02 10:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/02 10:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/10 07:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/10 07:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/09/20 16:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/09/20 14:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/08/26 04:28:16 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2012/07/26 11:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/26 11:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/26 11:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/26 11:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/26 11:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/26 11:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/26 11:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 11:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/26 11:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/26 11:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/26 08:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/26 08:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/26 08:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/26 08:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/26 08:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/26 08:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/21 05:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2013/11/01 07:11:29 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/09 10:19:14 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/01 20:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/10/01 15:51:14 | 002,746,704 | ---- | M] (LogMeIn Inc.) [On_Demand | Stopped] -- D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/09/23 10:31:26 | 000,224,192 | ---- | M] (360.cn) [Auto | Running] -- C:\Program Files (x86)\360\360safe\deepscan\ZhuDongFangYu.exe -- (ZhuDongFangYu)
SRV - [2013/09/11 10:26:44 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/12 19:29:16 | 000,174,024 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll -- (XLServicePlatform)
SRV - [2013/05/19 20:57:49 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/05/11 18:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/14 01:03:04 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/03/01 09:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2013/02/28 19:25:34 | 000,161,384 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/26 02:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2013/02/26 02:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2013/02/26 01:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2013/01/08 00:24:28 | 005,128,560 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2012/12/29 18:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/11/05 15:02:52 | 001,436,160 | ---- | M] (Wyse Technology.) [Auto | Running] -- C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe -- (WyseRemoteAccess)
SRV - [2012/11/05 15:01:14 | 000,191,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe -- (WysePocketCloud)
SRV - [2012/10/11 16:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012/09/20 16:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/08/06 09:30:20 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/08/01 08:45:02 | 000,207,488 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/08/01 07:48:04 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2012/07/26 11:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/24 09:59:02 | 000,105,120 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012/07/18 05:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/18 05:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/06/28 03:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/06/26 01:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/04/14 01:14:00 | 000,277,120 | ---- | M] (ASUS) [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/11/22 05:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/09 05:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/11 19:06:34 | 000,016,640 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV:64bit: - [2013/10/09 09:52:16 | 000,020,280 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV:64bit: - [2013/10/08 18:42:52 | 000,227,000 | ---- | M] (360.cn) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\360fsflt.sys -- (360FsFlt)
DRV:64bit: - [2013/09/22 14:34:22 | 000,071,360 | ---- | M] (360.cn) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\360AvFlt.sys -- (360AvFlt)
DRV:64bit: - [2013/09/12 10:42:02 | 000,191,672 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BAPIDRV64.SYS -- (BAPIDRV)
DRV:64bit: - [2013/08/30 23:55:24 | 000,305,336 | ---- | M] (360.cn) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\360Box64.sys -- (360Box64)
DRV:64bit: - [2013/08/23 15:42:16 | 000,070,336 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\360AntiHacker64.sys -- (360AntiHacker)
DRV:64bit: - [2013/08/22 02:42:10 | 003,915,264 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2013/08/16 13:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/10 14:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/07/11 12:43:58 | 000,040,120 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\360Camera64.sys -- (360Camera)
DRV:64bit: - [2013/07/09 16:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/04 15:57:00 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/07/03 18:12:32 | 000,046,136 | -H-- | M] (LogMeIn Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Hamdrv.sys -- (hamachi)
DRV:64bit: - [2013/07/02 09:41:47 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/07/02 09:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/02 09:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/07/02 08:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/07/02 06:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/06/29 14:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/11 05:17:46 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/06/04 09:15:02 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/06/04 09:15:00 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/06/01 11:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/05/23 18:11:28 | 000,062,152 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\360netmon.sys -- (360netmon)
DRV:64bit: - [2013/05/04 15:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/05/02 12:23:50 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudobex.sys -- (ssudobex)
DRV:64bit: - [2013/04/08 13:32:30 | 000,284,448 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2013/04/08 13:32:30 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013/04/05 19:32:40 | 000,166,576 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/02 18:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 18:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/03/01 09:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/02/26 02:28:48 | 000,067,664 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2013/02/26 02:28:14 | 000,030,800 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2013/02/26 02:27:48 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2013/02/26 02:27:48 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2013/02/26 02:27:44 | 000,033,360 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2013/01/11 19:02:34 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013/01/10 09:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/11/27 11:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/26 17:19:05 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/11/20 12:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/06 11:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/24 14:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012/10/24 14:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012/10/12 16:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 16:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012/10/11 15:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/20 15:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 15:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/09/20 14:33:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2012/08/26 04:28:14 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/06 02:58:18 | 000,061,824 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2012/08/06 00:40:52 | 008,982,208 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/02 11:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012/08/01 08:25:02 | 000,574,616 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012/08/01 08:24:58 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/08/01 08:24:56 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012/08/01 08:24:52 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/08/01 08:24:52 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/08/01 08:24:50 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012/08/01 08:24:50 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012/08/01 08:24:50 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/07/26 13:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 13:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 13:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 13:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 13:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 13:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 13:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 13:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 13:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 13:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 13:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 13:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 13:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 13:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 13:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 13:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 13:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 12:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 12:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 11:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/26 10:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012/07/26 10:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/26 10:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/26 10:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/26 10:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/26 10:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/26 10:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/26 10:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/26 10:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/26 10:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/26 10:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/26 10:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/26 10:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/26 10:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/26 10:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/26 10:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/26 10:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/26 10:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/26 10:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/26 10:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/26 10:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatformMp)
DRV:64bit: - [2012/07/26 10:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/26 10:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/26 10:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/25 09:21:22 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012/07/25 04:11:54 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012/07/25 04:11:52 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/07/24 11:16:28 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/06/22 05:02:52 | 000,110,744 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012/06/14 09:06:50 | 000,100,992 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2012/06/02 22:34:37 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2012/06/02 22:31:56 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/06/02 22:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012/06/02 22:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012/03/14 08:40:04 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\epfw.sys -- (epfw)
DRV:64bit: - [2012/03/14 08:40:04 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2012/03/14 08:40:04 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2012/03/14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012/03/14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/12/16 01:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/11/28 14:51:44 | 000,033,872 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\anvsnddrv.sys -- (anvsnddrv)
DRV:64bit: - [2011/08/01 12:44:26 | 000,513,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SRS_AE_amd64.sys -- (SRS_AE_Service)
DRV - [2013/08/01 12:06:46 | 000,026,304 | ---- | M] (360.cn) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Ludashi\ComputerZ_x64.sys -- (ComputerZ_x64)
DRV - [2013/03/20 16:07:16 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2011/09/08 00:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/03 08:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...R&pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.malaysia.ms...MY&dcc=MY&opt=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.8,zh-Hans-CN;q=0.5,zh-Hans;q=0.3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 0C B1 CD 0C CC CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{BC68C399-DE51-42ED-A370-28080805A21D}: "URL" = http://www.baidu.com...d={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "&tn=dealio_dg&wd={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: leethax%40leethax.net:2013.04.24
FF - prefs.js..extensions.enabledAddons: %7B0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3%7D:2.0.6
FF - prefs.js..extensions.enabledAddons: %7BD119EDE5-84F2-4204-927D-D8811DC193B9%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7BF632A5EA-F825-4AE7-94B5-233CFBA9F423%7D:0.3.7.9.18
FF - prefs.js..extensions.enabledAddons: anttoolbar%40ant.com:2.4.7.11
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..keyword.URL: "http://www.baidu.com...=dealio_dg&wd="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@funshion.com/npFunshion: C:\Users\Saw8388\funshion\funshiontools\npFunshion.dll ( )
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@pps.tv/nppps: D:\PPS.tv\PPStream\nppps.dll ()
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Users\Saw8388\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrl: C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.7.(238).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.2.dll (Thunder Networking Technologies,LTD)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.2: D:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@360.cn/360MMPlugin: C:\Program Files (x86)\360\360safe\MobileMgr\np360MMPlugIn.dll (360.cn)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Saw8388\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.2.dll (Thunder Networking Technologies,LTD)
FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.2: D:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Saw8388\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/11/25 19:46:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}: D:\Program Files (x86)\Thunder Network\Thunder\BHO\FireFox [2013/07/28 13:51:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/11 13:21:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/11/25 19:46:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\dict@www.youdao.com: C:\Users\Saw8388\AppData\Local\Youdao\Dict\Application\stable\extensions\firefox [2012/11/25 20:42:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Saw8388\AppData\Roaming\IDM\idmmzcc5 [2013/08/31 20:48:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Saw8388\AppData\Roaming\IDM\idmmzcc5 [2013/08/31 20:48:41 | 000,000,000 | ---D | M]

[2012/11/26 13:28:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Saw8388\AppData\Roaming\Mozilla\Extensions
[2013/11/02 22:19:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Saw8388\AppData\Roaming\Mozilla\Firefox\Profiles\kl35qg8f.default\extensions
[2013/05/27 20:05:59 | 000,000,000 | ---D | M] (Funshion Player Extension) -- C:\Users\Saw8388\AppData\Roaming\Mozilla\Firefox\Profiles\kl35qg8f.default\extensions\{D119EDE5-84F2-4204-927D-D8811DC193B9}
[2013/04/25 14:34:05 | 000,021,619 | ---- | M] () (No name found) -- C:\Users\Saw8388\AppData\Roaming\Mozilla\Firefox\Profiles\kl35qg8f.default\extensions\leethax@leethax.net.xpi
[2013/05/11 15:46:18 | 000,020,628 | ---- | M] () (No name found) -- C:\Users\Saw8388\AppData\Roaming\Mozilla\Firefox\Profiles\kl35qg8f.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi
[2013/08/12 12:45:07 | 000,224,035 | ---- | M] () (No name found) -- C:\Users\Saw8388\AppData\Roaming\Mozilla\Firefox\Profiles\kl35qg8f.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/08/12 12:42:58 | 000,091,653 | ---- | M] () (No name found) -- C:\Users\Saw8388\AppData\Roaming\Mozilla\Firefox\Profiles\kl35qg8f.default\extensions\{F632A5EA-F825-4AE7-94B5-233CFBA9F423}.xpi
[2013/10/11 13:20:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/12 09:51:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\SAW8388\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KL35QG8F.DEFAULT\EXTENSIONS\ANTTOOLBAR@ANT.COM
File not found (No name found) -- C:\USERS\SAW8388\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KL35QG8F.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM.XPI
[2012/11/12 15:26:02 | 000,003,958 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\baidu.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Thunder DapCtrl NPAPI Plugin (Enabled) = C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.7.(71).dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Saw8388\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: XunLei Plugin (Enabled) = D:\Program Files (x86)\Thunder Network\Thunder\data\npxunlei1.0.0.2.dll
CHR - Extension: Google Docs = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: WGT Golf Challenge = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg\45.0.0_0\
CHR - Extension: MightyText - Send/Receive SMS Text Messages = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\10.0_0\
CHR - Extension: AdBlock = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0\
CHR - Extension: AdBlock = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.11_0\
CHR - Extension: AdBlock = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0\
CHR - Extension: Virtual Piano = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjlaliolmnfholhmakjfbapkkfngamko\5.5.0_0\
CHR - Extension: Thunder Download Extension for Chrome = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbifdmobcbjlhplmlnbjbofnnoolink\2.1_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: Mac OS theme = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkpadlfbbnobnjaeodjfnkogiigdmgff\2.1_0\
CHR - Extension: IDM Integration = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.12.2_0\
CHR - Extension: Google Maps = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Google Wallet = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.2_0\
CHR - Extension: Unblock Youku = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.6.8.1_0\
CHR - Extension: Unblock Youku = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.6.9.0_0\
CHR - Extension: Unblock Youku = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.6.9.1_0\
CHR - Extension: Unblock Youku = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.6.9.2_0\
CHR - Extension: Unblock Youku = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.6.9.3_0\
CHR - Extension: Gmail = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Docs = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: WGT Golf Challenge = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg\45.0.0_0\
CHR - Extension: MightyText - Send/Receive SMS Text Messages = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\10.0_0\
CHR - Extension: AdBlock = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0\
CHR - Extension: AdBlock = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.11_0\
CHR - Extension: AdBlock = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0\
CHR - Extension: Virtual Piano = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjlaliolmnfholhmakjfbapkkfngamko\5.5.0_0\
CHR - Extension: Thunder Download Extension for Chrome = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbifdmobcbjlhplmlnbjbofnnoolink\2.1_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: Mac OS theme = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkpadlfbbnobnjaeodjfnkogiigdmgff\2.1_0\
CHR - Extension: IDM Integration = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.12.2_0\
CHR - Extension: Google Maps = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Google Wallet = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.2_0\
CHR - Extension: Unblock Youku = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.6.8.1_0\
CHR - Extension: Unblock Youku = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.6.9.0_0\
CHR - Extension: Unblock Youku = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.6.9.1_0\
CHR - Extension: Unblock Youku = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.6.9.2_0\
CHR - Extension: Unblock Youku = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.6.9.3_0\
CHR - Extension: Gmail = C:\Users\Saw8388\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/07/12 21:20:32 | 000,000,826 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (ѸÀ×ÏÂÔØÖ§³Ö) - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - D:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.9.6.4502.dll (深圳市迅雷网络技术有限公司)
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (360sdbho Class) - {0F4BF955-A127-41B7-A998-369904AA2578} - C:\Program Files\360\360sd\360sdbho.dll (360.cn)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ѸÀ×ÏÂÔØÖ§³Ö) - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.9.6.4502.dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (SafeMon Class) - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files (x86)\360\360safe\safemon\safemon.dll (360.cn)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ѸÀ×BHOƽ̨) - {DE05CF4A-7B0A-4775-B5E5-396244938679} - D:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\IEPlatform.dll (深圳市迅雷网络技术有限公司)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PocketCloud Location] C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe (Wyse Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [360Safetray] C:\Program Files (x86)\360\360safe\safemon\360Tray.exe (360.cn)
O4 - HKLM..\Run: [ASUS InstantKey] C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] D:\Program Files (x86)\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [] D:\Program Files (x86)\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [360cloud] C:\Program Files (x86)\360\360WangPan\360WangPan.exe (360.cn)
O4 - HKCU..\Run: [360sd] C:\Program Files\360\360sd\360sdrun.exe (360.cn)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Saw8388\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Funshion] D:\Program Files (x86)\Funshion Online\Funshion\Funshion.exe (Funshion Online Technologies Ltd.)
O4 - HKCU..\Run: [GarenaPlus] C:\Users\Saw8388\Garena Plus\GarenaMessenger.exe ()
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [KiesPreload] D:\Program Files (x86)\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (PPStream Inc.)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [YodaoDict] C:\Users\Saw8388\AppData\Local\Youdao\Dict\Application\YodaoDict.exe (网易公司)
O4 - Startup: C:\Users\Saw8388\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Saw8388\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Saw8388\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk = D:\PPS.tv\PPStream\PPStream.exe (PPStream Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O8:64bit: - Extra context menu item: &ʹÓÃ&ѸÀ×ÀëÏßÏÂÔØ - D:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm ()
O8:64bit: - Extra context menu item: &ʹÓÃ&ѸÀ×ÏÂÔØ - D:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm ()
O8:64bit: - Extra context menu item: &ʹÓÃ&ѸÀ×ÏÂÔØÈ«²¿Á´½Ó - D:\Program Files (x86)\Thunder Network\Thunder\BHO\getAllurl.htm ()
O8:64bit: - Extra context menu item: ??????????? - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: ??????????????? - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm ()
O8:64bit: - Extra context menu item: 添加当前页到迅雷看看播放器标签 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenuAddStoreTab.htm ()
O8 - Extra context menu item: &ʹÓÃ&ѸÀ×ÀëÏßÏÂÔØ - D:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm ()
O8 - Extra context menu item: &ʹÓÃ&ѸÀ×ÏÂÔØ - D:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm ()
O8 - Extra context menu item: &ʹÓÃ&ѸÀ×ÏÂÔØÈ«²¿Á´½Ó - D:\Program Files (x86)\Thunder Network\Thunder\BHO\getAllurl.htm ()
O8 - Extra context menu item: ??????????? - Reg Error: Value error. File not found
O8 - Extra context menu item: ??????????????? - Reg Error: Value error. File not found
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm ()
O8 - Extra context menu item: 添加当前页到迅雷看看播放器标签 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenuAddStoreTab.htm ()
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9 - Extra 'Tools' menuitem : 启动迅雷看看播放器 - {14c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm ()
O9 - Extra Button: 启动迅雷看看播放器 - {24c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\YouKu\YoukuClient\ikutm.dll (youku.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\YouKu\YoukuClient\ikutm.dll (youku.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\YouKu\YoukuClient\ikutm.dll (youku.com)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31035AC8-9F9E-4155-AFCD-7E586260818C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31035AC8-9F9E-4155-AFCD-7E586260818C}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{61c775e4-0037-11e3-bec3-dc85de36ec72}\Shell - "" = AutoRun
O33 - MountPoints2\{61c775e4-0037-11e3-bec3-dc85de36ec72}\Shell\AutoRun\command - "" = "G:\AutoRun.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/11/02 22:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2013/11/02 22:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2013/11/02 22:47:41 | 000,000,000 | ---D | C] -- C:\Users\Saw8388\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013/11/02 22:47:39 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013/11/02 22:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/11/02 22:37:44 | 000,000,000 | ---D | C] -- C:\Users\Saw8388\Desktop\Windows_8_default_file_type_associations
[2013/11/02 22:17:38 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/02 22:14:44 | 000,000,000 | ---D | C] -- C:\Users\Saw8388\AppData\Roaming\Malwarebytes
[2013/11/02 22:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/02 22:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/02 22:14:37 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/02 22:14:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/02 22:00:15 | 000,000,000 | ---D | C] -- C:\Users\Saw8388\AppData\Local\Apps
[2013/11/02 21:16:14 | 000,000,000 | ---D | C] -- C:\Users\Saw8388\Desktop\SICO - Copy
[2013/11/02 18:58:43 | 000,000,000 | ---D | C] -- C:\Users\Saw8388\Desktop\SICO
[2013/10/27 08:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/27 08:03:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/10/25 13:15:26 | 000,000,000 | ---D | C] -- C:\Users\Saw8388\Desktop\法外風雲
[2013/10/22 17:18:48 | 000,000,000 | ---D | C] -- C:\Users\Saw8388\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013/10/22 17:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013/10/22 17:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/10/18 15:04:24 | 000,227,000 | ---- | C] (360.cn) -- C:\Windows\SysNative\drivers\360fsflt.sys
[2013/10/17 15:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foldit
[2013/10/17 15:42:18 | 000,000,000 | ---D | C] -- C:\Foldit
[2013/10/13 21:19:45 | 000,000,000 | ---D | C] -- C:\Users\Saw8388\Desktop\VB
[2013/10/13 16:56:49 | 000,000,000 | ---D | C] -- C:\Users\Saw8388\Desktop\Fickr
[2013/10/12 16:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
[2013/10/12 16:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[2013/10/12 16:01:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GreenTree Applications
[2013/10/11 19:06:34 | 000,016,640 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\gtkdrv.sys
[2013/10/11 13:20:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/09 22:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2013/10/09 09:52:16 | 000,020,280 | ---- | C] (ASUS) -- C:\Windows\SysNative\drivers\AsHIDSwitch64.sys
[2013/10/08 22:29:51 | 000,000,000 | ---D | C] -- C:\Users\Saw8388\Desktop\Multihack
[2013/10/08 22:25:33 | 000,000,000 | -HSD | C] -- C:\Users\Saw8388\AppData\Roaming\360Quarant
[2013/10/08 22:25:33 | 000,000,000 | -HSD | C] -- C:\$360Section
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Users\Saw8388\Documents\*.tmp files -> C:\Users\Saw8388\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Saw8388\Desktop\*.tmp files -> C:\Users\Saw8388\Desktop\*.tmp -> ]
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/02 22:52:36 | 000,002,173 | ---- | M] () -- C:\Users\Saw8388\Desktop\360软件管家.lnk
[2013/11/02 22:49:51 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2013/11/02 22:47:41 | 000,002,274 | ---- | M] () -- C:\Users\Saw8388\Desktop\SpyHunter.lnk
[2013/11/02 22:21:43 | 000,000,412 | ---- | M] () -- C:\Users\Saw8388\AppData\Roaming\sp_data.sys
[2013/11/02 22:21:21 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013/11/02 22:20:28 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/11/02 22:20:27 | 2481,012,735 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/02 22:14:39 | 000,001,129 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/02 21:55:01 | 000,000,886 | ---- | M] () -- C:\Users\Saw8388\Desktop\exe_fix_w7.zip
[2013/11/02 21:32:01 | 000,065,716 | ---- | M] () -- C:\Users\Saw8388\Desktop\Windows_8_default_file_type_associations.zip
[2013/11/02 21:25:39 | 000,002,646 | ---- | M] () -- C:\Users\Saw8388\Desktop\Fix_Manage_Error.reg
[2013/11/02 12:42:00 | 000,000,870 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013/11/01 07:57:34 | 000,852,378 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/01 07:57:34 | 000,712,928 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/01 07:57:34 | 000,133,824 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/31 18:34:58 | 008,541,824 | ---- | M] () -- C:\Users\Saw8388\Desktop\The Prayer - KL Harmony Sound Achedemy Choir - Sopranino Low Xiu Yin, Silver.mp3
[2013/10/29 16:11:46 | 000,044,278 | ---- | M] () -- C:\Users\Saw8388\Desktop\1381770_548360141900361_812074713_n.jpg
[2013/10/27 17:21:55 | 000,048,052 | ---- | M] () -- C:\Users\Saw8388\Desktop\pg1.png
[2013/10/27 08:06:52 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\360杀毒.lnk
[2013/10/26 17:41:02 | 002,016,768 | ---- | M] () -- C:\Users\Saw8388\Desktop\DL.pub
[2013/10/22 17:18:48 | 000,000,219 | ---- | M] () -- C:\Users\Saw8388\Desktop\Dota 2.url
[2013/10/22 17:02:20 | 000,000,720 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/10/21 22:35:09 | 008,412,032 | ---- | M] () -- C:\Users\Saw8388\Documents\李佳薇 煎熬.mp3
[2013/10/21 22:34:46 | 004,816,250 | ---- | M] () -- C:\Users\Saw8388\Documents\李佳薇 煎熬 完整版音檔 -華納official HQ官方版音檔.mp4
[2013/10/17 15:42:54 | 000,001,410 | ---- | M] () -- C:\Users\Public\Desktop\Foldit.lnk
[2013/10/14 14:12:19 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/10/12 21:54:21 | 007,276,160 | ---- | M] () -- C:\Users\Saw8388\Documents\P!nk - Blow Me (One Last Kiss).mp3
[2013/10/12 21:53:33 | 048,862,358 | ---- | M] () -- C:\Users\Saw8388\Documents\P!nk - Blow Me (One Last Kiss).mp4
[2013/10/12 21:51:40 | 009,438,080 | ---- | M] () -- C:\Users\Saw8388\Documents\Seungri on tvN SNL Song (Angel Lemar - Fiesta Fatale).mp3
[2013/10/12 21:50:46 | 009,691,626 | ---- | M] () -- C:\Users\Saw8388\Documents\Seungri on tvN SNL Song (Angel Lemar - Fiesta Fatale).mp4
[2013/10/12 21:08:02 | 000,055,967 | ---- | M] () -- C:\Users\Saw8388\Desktop\1392792_221961234631030_50936289_n.jpg
[2013/10/12 21:00:31 | 000,519,798 | ---- | M] () -- C:\Users\Saw8388\Desktop\CSCH.png
[2013/10/12 16:19:14 | 000,001,317 | R--- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2013/10/12 10:27:21 | 005,075,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/12 10:26:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/12 10:26:24 | 000,002,058 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin
[2013/10/12 09:51:57 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/10/11 19:06:34 | 000,016,640 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\gtkdrv.sys
[2013/10/11 18:22:20 | 000,002,283 | ---- | M] () -- C:\Users\Saw8388\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/11 18:22:20 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/09 14:26:51 | 000,000,705 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013/10/09 09:52:16 | 000,020,280 | ---- | M] (ASUS) -- C:\Windows\SysNative\drivers\AsHIDSwitch64.sys
[2013/10/08 18:42:52 | 000,227,000 | ---- | M] (360.cn) -- C:\Windows\SysNative\drivers\360fsflt.sys
[2013/10/06 21:29:56 | 000,004,388 | ---- | M] () -- C:\Users\Saw8388\funshion.ini
[2013/10/06 19:01:36 | 000,000,742 | ---- | M] () -- C:\Users\Public\Desktop\FIFA ONLINE 3(English).lnk
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Users\Saw8388\Documents\*.tmp files -> C:\Users\Saw8388\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Saw8388\Desktop\*.tmp files -> C:\Users\Saw8388\Desktop\*.tmp -> ]
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/02 22:49:51 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2013/11/02 22:47:41 | 000,002,274 | ---- | C] () -- C:\Users\Saw8388\Desktop\SpyHunter.lnk
[2013/11/02 22:14:39 | 000,001,129 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/02 21:54:43 | 000,000,886 | ---- | C] () -- C:\Users\Saw8388\Desktop\exe_fix_w7.zip
[2013/11/02 21:31:56 | 000,065,716 | ---- | C] () -- C:\Users\Saw8388\Desktop\Windows_8_default_file_type_associations.zip
[2013/11/02 21:25:35 | 000,002,646 | ---- | C] () -- C:\Users\Saw8388\Desktop\Fix_Manage_Error.reg
[2013/10/31 18:34:39 | 008,541,824 | ---- | C] () -- C:\Users\Saw8388\Desktop\The Prayer - KL Harmony Sound Achedemy Choir - Sopranino Low Xiu Yin, Silver.mp3
[2013/10/29 16:11:18 | 000,044,278 | ---- | C] () -- C:\Users\Saw8388\Desktop\1381770_548360141900361_812074713_n.jpg
[2013/10/27 17:21:04 | 000,048,052 | ---- | C] () -- C:\Users\Saw8388\Desktop\pg1.png
[2013/10/27 08:06:52 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\360杀毒.lnk
[2013/10/26 17:42:00 | 002,016,768 | ---- | C] () -- C:\Users\Saw8388\Desktop\DL.pub
[2013/10/22 17:18:47 | 000,000,219 | ---- | C] () -- C:\Users\Saw8388\Desktop\Dota 2.url
[2013/10/22 17:02:20 | 000,000,720 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/10/21 22:34:47 | 008,412,032 | ---- | C] () -- C:\Users\Saw8388\Documents\李佳薇 煎熬.mp3
[2013/10/21 22:34:28 | 004,816,250 | ---- | C] () -- C:\Users\Saw8388\Documents\李佳薇 煎熬 完整版音檔 -華納official HQ官方版音檔.mp4
[2013/10/17 15:42:51 | 000,001,410 | ---- | C] () -- C:\Users\Public\Desktop\Foldit.lnk
[2013/10/14 14:12:20 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/10/14 14:12:19 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/10/12 21:54:03 | 007,276,160 | ---- | C] () -- C:\Users\Saw8388\Documents\P!nk - Blow Me (One Last Kiss).mp3
[2013/10/12 21:52:11 | 048,862,358 | ---- | C] () -- C:\Users\Saw8388\Documents\P!nk - Blow Me (One Last Kiss).mp4
[2013/10/12 21:51:19 | 009,438,080 | ---- | C] () -- C:\Users\Saw8388\Documents\Seungri on tvN SNL Song (Angel Lemar - Fiesta Fatale).mp3
[2013/10/12 21:50:31 | 009,691,626 | ---- | C] () -- C:\Users\Saw8388\Documents\Seungri on tvN SNL Song (Angel Lemar - Fiesta Fatale).mp4
[2013/10/12 21:08:00 | 000,055,967 | ---- | C] () -- C:\Users\Saw8388\Desktop\1392792_221961234631030_50936289_n.jpg
[2013/10/12 21:00:31 | 000,519,798 | ---- | C] () -- C:\Users\Saw8388\Desktop\CSCH.png
[2013/10/12 16:19:14 | 000,001,317 | R--- | C] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2013/10/12 10:27:03 | 005,075,224 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/12 10:23:15 | 000,002,058 | ---- | C] () -- C:\Windows\SysNative\ASOROSet.bin
[2013/10/09 14:26:51 | 000,000,705 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013/10/06 19:01:36 | 000,000,742 | ---- | C] () -- C:\Users\Public\Desktop\FIFA ONLINE 3(English).lnk
[2013/09/16 08:46:49 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/08/11 17:36:02 | 000,866,452 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/21 12:45:00 | 000,045,270 | ---- | C] () -- C:\Users\Saw8388\AppData\Roaming\room_v3.dat
[2013/06/06 16:32:38 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2013/05/27 20:02:28 | 000,000,911 | ---- | C] () -- C:\Users\Saw8388\AppData\Roaming\coreavc.ini
[2013/05/19 20:57:50 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/05/19 20:57:44 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/05/17 14:36:10 | 000,001,269 | ---- | C] () -- C:\Users\Saw8388\AppData\Local\recently-used.xbel
[2013/03/30 19:15:17 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2013/03/30 19:15:05 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013/03/02 19:17:30 | 000,000,051 | ---- | C] () -- C:\Users\Saw8388\.gtk-bookmarks
[2013/03/01 09:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013/02/18 19:54:13 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013/02/05 15:30:34 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/01/15 14:45:43 | 000,007,602 | ---- | C] () -- C:\Users\Saw8388\AppData\Local\Resmon.ResmonCfg
[2013/01/06 11:57:14 | 000,000,017 | ---- | C] () -- C:\Users\Saw8388\AppData\Roaming\DTA.ini
[2012/12/31 08:01:29 | 000,000,600 | ---- | C] () -- C:\Users\Saw8388\PUTTY.RND
[2012/12/18 10:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/12/18 10:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/12/18 10:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/12/18 10:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/12/18 10:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/12/15 08:54:24 | 000,343,040 | ---- | C] () -- C:\Users\Saw8388\AppData\Local\TempRun This.exe
[2012/12/06 11:06:53 | 000,001,590 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/11/26 04:49:28 | 000,000,021 | ---- | C] () -- C:\Users\Saw8388\AppData\Roaming\my_intel.sys
[2012/11/26 04:40:03 | 000,000,412 | ---- | C] () -- C:\Users\Saw8388\AppData\Roaming\sp_data.sys
[2012/11/25 17:44:12 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\pub_store.dat
[2012/11/19 15:33:32 | 000,065,656 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2012/11/19 15:33:30 | 000,022,640 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2012/11/15 10:57:52 | 000,004,388 | ---- | C] () -- C:\Users\Saw8388\funshion.ini
[2012/11/15 10:57:52 | 000,001,080 | ---- | C] () -- C:\Windows\SysWow64\funshion.ini
[2012/08/09 10:49:57 | 000,597,244 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/08/09 10:49:23 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/08/09 10:49:19 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/08/06 04:01:23 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012/08/06 04:01:23 | 000,000,217 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012/07/26 16:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 16:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 15:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/26 09:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/26 04:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/26 04:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/26 04:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/07/26 04:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/06/09 18:21:56 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/06/02 22:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/21 04:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2012/09/07 07:34:46 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/02 14:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/02 13:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 11:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 11:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 11:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/08/06 16:12:05 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\.minecraft
[2013/09/27 14:14:47 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\360CloudUI
[2013/09/16 08:49:58 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\360Desktop
[2013/07/29 22:08:35 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\360DiagnoseScan
[2013/09/27 14:10:59 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\360Login
[2013/08/12 09:23:25 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\360mobilemgr
[2013/10/08 22:28:00 | 000,000,000 | -HSD | M] -- C:\Users\Saw8388\AppData\Roaming\360Quarant
[2013/11/02 21:18:33 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\360safe
[2013/07/28 13:28:46 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\360SD
[2012/12/02 22:40:35 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\AnvSoft
[2012/11/26 04:40:13 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\ASUS
[2013/10/12 09:54:45 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\ASUS WebStorage
[2013/04/18 14:37:19 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\BANDISOFT
[2012/12/09 20:45:01 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\Crystal Player
[2013/05/15 15:03:46 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\DAEMON Tools Pro
[2013/10/03 14:11:41 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\dll-files.com
[2013/08/06 11:53:00 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\DMCache
[2013/11/02 22:22:02 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\Dropbox
[2012/11/25 19:54:34 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\ESET
[2013/07/01 14:41:15 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\Garena
[2013/11/02 21:18:34 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\GarenaPlus
[2013/04/12 16:30:16 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\gtk-2.0
[2013/06/29 16:06:45 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\IDM
[2013/03/29 21:06:21 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\iFunbox_UserCache
[2013/03/28 21:30:01 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\IObit
[2013/06/07 09:19:44 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\iPadian
[2013/06/07 09:12:03 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\iPhone.F4B6EDD4861104DF103CA831FC6755522BBBD9C1.1
[2013/05/19 20:17:21 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\Leadertech
[2012/12/01 19:12:23 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\Need for Speed World
[2013/08/22 16:07:04 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\Origin
[2013/06/16 14:09:03 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\PP
[2013/11/01 09:13:18 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\PPStream
[2013/03/25 15:12:13 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\Product_FR
[2013/03/29 21:27:06 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\rockbox.org
[2013/03/30 19:10:35 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\Samsung
[2013/03/10 14:52:27 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\skyz
[2013/07/29 22:08:34 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\SosClient
[2013/05/17 13:45:52 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/09/28 18:35:36 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\TeamViewer
[2013/05/02 18:00:11 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\Wargaming.net
[2012/12/31 20:58:02 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\WysePocketCloud
[2013/06/30 20:09:35 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\xim
[2013/08/12 12:47:40 | 000,000,000 | ---D | M] -- C:\Users\Saw8388\AppData\Roaming\youku

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2012/10/11 13:53:24 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=0AD19A3CA61271BA872AD90771BA47DC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
[2013/06/01 19:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\explorer.exe
[2013/06/01 19:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_aac334d9034c59e1\explorer.exe
[2013/06/01 18:17:57 | 002,116,520 | ---- | M] (Microsoft Corporation) MD5=15C505AD0118275E7363A539009EF3AF -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_b591aa9850d758e4\explorer.exe
[2012/07/26 11:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
[2013/07/25 14:51:08 | 000,220,310 | ---- | M] () MD5=7E94A0E7BA4DFF2035240AF3CF2385A9 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe
[2012/10/11 13:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe
[2013/07/10 17:06:14 | 000,188,441 | ---- | M] () MD5=A7285F31FF8FCC5C63AA8353FE6F2DDB -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
[2013/07/25 14:51:18 | 000,217,360 | ---- | M] () MD5=D352D3DBD4D0CA4DBA97C51EB642040F -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_ab3d00461c7696e9\explorer.exe
[2013/07/10 17:06:16 | 000,003,739 | ---- | M] () MD5=D51B421D4F9E7F257F50264D0A35F468 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
[2013/06/01 18:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\SysWOW64\explorer.exe
[2013/06/01 18:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_b517df2b37ad1bdc\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/07/26 11:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=0A175AF8B65797BD22C11903A8BFEB2D -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_b2666581d6b482a6\svchost.exe
[2012/07/26 11:08:47 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=57350BEDE3834915B6145B67C71C7BDA -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_0e8501058f11f3dc\svchost.exe
[2012/09/20 14:33:14 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=607F7CB143783A8F9BA058D2FC4F2D36 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_0f4c7e60a8019d22\svchost.exe
[2012/09/20 13:55:26 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\SysWOW64\svchost.exe
[2012/09/20 13:55:26 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_b2a345c7d68772cb\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2012/09/20 14:33:52 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\SysNative\svchost.exe
[2012/09/20 14:33:52 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_0ec1e14b8ee4e401\svchost.exe
[2012/09/20 13:56:27 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=EEF5E64822C3E21B186EA53463BE92DA -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_b32de2dcefa42bec\svchost.exe

< MD5 for: USERINIT.EXE >
[2012/07/26 11:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\SysNative\userinit.exe
[2012/07/26 11:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_34f2617a5b742e02\userinit.exe
[2012/07/26 11:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\SysWOW64\userinit.exe
[2012/07/26 11:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3c5f6a316bccc\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/09/20 14:33:55 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=1F84B5F8DBDFFD36DF143C61CE25F12A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
[2012/09/20 14:33:17 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=6522E98C94A2A81AE11EB66D2AF5743A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe
[2012/07/26 11:08:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=93AB226C07A9789B2EC7B41F73602F76 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012/10/11 13:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\SysNative\winlogon.exe
[2012/10/11 13:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe
[2012/10/11 13:45:27 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=CBFD56B4EC07CB056A6ABD55DD33671F -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/09/11 10:28:48 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/09/11 10:28:48 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/09/11 10:28:48 | 000,871,608 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [2013/09/11 10:26:32 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2013/09/11 10:26:32 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2013/09/11 10:26:32 | 000,274,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/10/03 14:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2013/10/03 14:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2013/10/03 14:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2013/10/03 14:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/02/21 20:59:57 | 000,775,216 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/02/21 20:59:57 | 000,775,216 | ---- | M] (Microsoft Corporation)

========== Files - Unicode (All) ==========
[2013/08/12 12:35:02 | 000,002,090 | ---- | M] ()(C:\Users\Saw8388\Application Data\Microsoft\Internet Explorer\Quick Launch\ó??á?í?§??.lnk) -- C:\Users\Saw8388\Application Data\Microsoft\Internet Explorer\Quick Launch\ÓÅ¿á¿Í»§¶Ë.lnk
[2013/08/12 12:35:02 | 000,002,090 | ---- | C] ()(C:\Users\Saw8388\Application Data\Microsoft\Internet Explorer\Quick Launch\ó??á?í?§??.lnk) -- C:\Users\Saw8388\Application Data\Microsoft\Internet Explorer\Quick Launch\ÓÅ¿á¿Í»§¶Ë.lnk
[2013/07/28 13:51:19 | 000,001,154 | ---- | M] ()(C:\Users\Saw8388\Application Data\Microsoft\Internet Explorer\Quick Launch\??à×7.lnk) -- C:\Users\Saw8388\Application Data\Microsoft\Internet Explorer\Quick Launch\ѸÀ×7.lnk
[2013/07/28 13:51:19 | 000,001,154 | ---- | C] ()(C:\Users\Saw8388\Application Data\Microsoft\Internet Explorer\Quick Launch\??à×7.lnk) -- C:\Users\Saw8388\Application Data\Microsoft\Internet Explorer\Quick Launch\ѸÀ×7.lnk
(C:\Users\Saw8388\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ó??á?í?§??) -- C:\Users\Saw8388\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÓÅ¿á¿Í»§¶Ë
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??à×èí?t) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ѸÀ×Èí¼þ

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:24051EFF
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:BF3D62E7

< End of report >


[ extras ]
OTL Extras logfile created on: 11/2/2013 10:56:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Saw8388\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.89 Gb Total Physical Memory | 5.30 Gb Available Physical Memory | 67.22% Memory free
15.89 Gb Paging File | 13.07 Gb Available in Paging File | 82.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.45 Gb Total Space | 115.98 Gb Free Space | 41.50% Space Free | Partition Type: NTFS
Drive D: | 398.18 Gb Total Space | 44.97 Gb Free Space | 11.29% Space Free | Partition Type: NTFS

Computer Name: SAW | User Name: Saw8388 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{23E0B11D-D39D-4C61-95DA-FCAED7D1736F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{5E341D21-A3C1-410E-9411-0EA4B7D87DFA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{6505F0BF-27BF-4F6E-A672-FDF1ECFE66D0}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{74EF1171-1025-445D-93FB-2AA08B081C53}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{7693B0B1-E85C-4432-B11A-39C2FD58B2AD}" = lport=33674 | protocol=17 | dir=in | name=thunderlan(udp) |
"{945EDAC1-A94C-4E11-B972-5A0BA4F72914}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{A0EDCD65-83F3-4578-B6BF-2FB700E937AC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{A798A613-DE86-4FA6-AF04-FDB90E7E456D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{B84656E9-8E15-4DD2-858B-CAC06E921A30}" = lport=33673 | protocol=6 | dir=in | name=thunderlan(tcp) |
"{C8A6162B-02C4-4C87-803E-8F1FD25A7896}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0013174E-3830-4C4B-8CA1-B357FC917BB7}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.221_1111\thunderplatform.exe |
"{002B1C82-C799-42BF-B847-51B28C36FCC4}" = protocol=17 | dir=in | app=c:\program files (x86)\360\360wangpan\npqvod\qvodterminal.exe |
"{049FC66C-3DAA-49BF-A1E2-06DCDAACA7DD}" = protocol=17 | dir=in | app=c:\users\saw8388\garena plus\garenamessenger.exe |
"{093D6106-4A87-416B-866A-63A332EE7776}" = protocol=6 | dir=in | app=d:\program files (x86)\thunder network\thunder\netmon\net_monitor_i.exe |
"{094D0F5F-24ED-41BD-BAB9-2EBEE8B77365}" = protocol=6 | dir=in | app=c:\program files (x86)\tools\qvod_online.exe |
"{0A29B0AD-DED2-4300-AB88-C338D158145C}" = protocol=17 | dir=in | app=c:\program files (x86)\360\360safe\safemon\360tray.exe |
"{0D6A18A8-A120-46DA-A28E-11A0FFCA4B87}" = protocol=17 | dir=in | app=c:\users\saw8388\appdata\roaming\.minecraft\minecraft launcher\minecraft launcher.exe |
"{0DB2276B-6FFC-49DE-8660-7559AC963562}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{0EC942F4-1896-4C6B-AB5B-D589A8071927}" = protocol=17 | dir=in | app=d:\program files (x86)\funshion online\funshion\funshionupgrade.exe |
"{101D011B-90BA-4715-BF16-9F618B23DC3C}" = protocol=6 | dir=in | app=d:\program files (x86)\thunder network\thunder\lanspeedviewer\speed_viewer_i.exe |
"{142B3C63-EB7F-4597-B11C-D31A6E6BC3F7}" = protocol=17 | dir=in | app=c:\users\public\thunder network\xmp4\core\program\xmp.exe |
"{211A9991-BC87-4C0E-A0C8-6857C5674400}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{22035E7F-8EFD-4FE3-81BC-61C8E5C75F9D}" = protocol=6 | dir=in | app=c:\garenadownload\games\hon\honinstaller.exe |
"{2244754D-F3CE-4881-8310-951B670D8A13}" = dir=in | app=c:\users\saw8388\garena plus\room\garena_room.exe |
"{23AD6EE1-25DA-40CD-AB68-AFB496D55686}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{2696E3DF-CC42-45AB-874D-14D60E5F135F}" = protocol=17 | dir=in | app=d:\program files (x86)\thunder network\thunder\lanspeedviewer\speed_viewer_i.exe |
"{2AF1DCFE-4BED-4AB3-8A46-4C3478EC792B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{2C9C23EE-FAD5-4302-BC9F-CD0963353E11}" = protocol=17 | dir=in | app=d:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"{2DE0EF55-E08C-4648-A62D-95D8B224366C}" = protocol=6 | dir=in | app=d:\program files (x86)\thunder network\xmp\program\xlliveud.exe |
"{2FFE47CF-2CE2-4EEC-85BE-FC930D4C5FEE}" = protocol=17 | dir=in | app=c:\program files (x86)\tools\qvod_online.exe |
"{309FB379-5AFD-47CC-BCCD-D9EFF6F169CF}" = protocol=6 | dir=in | app=d:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"{31FB3086-76EE-4EBD-9555-A88C529A54AB}" = protocol=17 | dir=in | app=d:\program files (x86)\thunder network\thunder\netmon\lsp_check.exe |
"{3238B4D1-0D69-4200-9A76-D54EC1CF590B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe |
"{32672F0C-42A8-4CAE-9CCB-C38E11662E49}" = dir=in | app=c:\users\saw8388\garena plus\ggdllhost.exe |
"{33FF6240-A549-432F-9329-C8F37A762F89}" = dir=in | app=c:\users\saw8388\appdata\roaming\ppstream\ppsupdate.exe |
"{3408A614-9F94-4DEA-9200-F56E0C1D0B93}" = protocol=17 | dir=in | app=d:\game\warcraft iii\war3.exe |
"{36E31E79-71B8-4F2E-8B1E-D5BC1EF2E13E}" = protocol=17 | dir=in | app=d:\program files (x86)\thunder network\xmp\program\xlliveud.exe |
"{38E4D8CF-9465-4FFB-8F30-AC3898326B05}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{40697B4F-AFD7-471C-981A-66BC569F90CF}" = protocol=17 | dir=in | app=c:\users\saw8388\appdata\roaming\dropbox\bin\dropbox.exe |
"{4127CEDC-A9BA-496A-B7D5-10DD8B5DCEE2}" = dir=in | app=d:\pps.tv\ppstream\ppstream.exe |
"{44C59F39-8020-4369-96AB-57ABE282973C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.221_1111\xlbugreport.exe |
"{4586AD32-533B-4118-894D-DF7B17C21F2B}" = protocol=17 | dir=in | app=c:\cherrydegames\dragon nest\dragonnest.exe |
"{47E8710C-8FEE-4228-88AF-F152A60649A3}" = protocol=6 | dir=in | app=c:\program files (x86)\360\360wangpan\npqvod\qvodterminal.exe |
"{4CB40696-F2D4-44DF-88E2-8396B35F5685}" = protocol=17 | dir=in | app=c:\garenadownload\games\fo3\fo3installer.exe |
"{4CCEE22D-4B9F-4198-9A69-31D0BCF68105}" = protocol=17 | dir=in | app=d:\program files (x86)\thunder network\thunder\lanspeedviewer\lsp_check.exe |
"{568A3C4D-3C59-4C97-8FEF-281AC77B81C8}" = protocol=17 | dir=in | app=c:\garenadownload\games\hon\honinstaller.exe |
"{59274BF9-8D28-440B-94C5-5F828AF94C72}" = protocol=17 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe |
"{59295213-41B2-4864-A5D9-4B16B1AB348D}" = protocol=6 | dir=in | app=c:\users\public\thunder network\xmp4\core\program\xmp.exe |
"{5A686B4F-C39C-4440-87CC-507550CFFFDC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{5B02C48E-7F72-474F-8470-653DA03B9072}" = protocol=6 | dir=in | app=d:\program files (x86)\thunder network\xmp\program\xlbugreport.exe |
"{5DAFB36C-4BB1-4433-A93C-53ABD00C39F6}" = protocol=17 | dir=in | app=d:\program files (x86)\thunder network\xmp\program\xlbugreport.exe |
"{6078D29B-6641-4E76-BEC3-365B2BC2EA2F}" = protocol=6 | dir=in | app=c:\program files (x86)\360\360safe\safemon\360tray.exe |
"{6CF6D2DF-885F-4F6A-8F63-12C608010E60}" = protocol=6 | dir=in | app=d:\tddownload\inst.exe |
"{7392BA47-4B90-4C4D-9C98-8FE6396BB169}" = protocol=6 | dir=in | app=d:\program files (x86)\funshion online\funshion\funshionupgrade.exe |
"{793E35D9-8B90-4BCB-94A3-48C289A8A02C}" = protocol=17 | dir=in | app=c:\program files\kmspico\kmsserver.exe |
"{795D5ED3-7919-4082-B563-F1598EA54DAA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{7B7B4C25-C48B-4F04-91EA-A7B0E30C7E9B}" = protocol=6 | dir=in | app=d:\program files (x86)\thunder network\thunder\netmon\lsp_check.exe |
"{7FDEA080-F594-41C5-95F7-B3AD08D5A72D}" = protocol=6 | dir=in | app=c:\program files\kmspico\kmsserver.exe |
"{82FF438B-4AAE-4804-826C-A80B967D46BF}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\xmp.exe |
"{888D20B6-C955-45E0-8D90-4A4F1238216B}" = protocol=17 | dir=in | app=d:\program files (x86)\thunder network\thunder\program\thunder.exe |
"{8E39CAA7-936E-4F5E-A344-D9E52833883B}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{9172A715-04D3-4E24-8782-7C011F4ACF75}" = protocol=6 | dir=in | app=c:\program files (x86)\360\360safe\mobilemgr\360mobilemgr.exe |
"{934C5E07-F436-4242-A816-B6506E475322}" = protocol=6 | dir=in | app=c:\users\saw8388\appdata\roaming\dropbox\bin\dropbox.exe |
"{9698BF71-BCA7-44CA-B45B-010BA9086A6D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9A22902E-FF19-4E0E-9BDE-99ABAFB54DE0}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\xmp.exe |
"{9AD1B4A8-4CE3-43FE-90C9-E2FAE748CA39}" = protocol=17 | dir=in | app=c:\program files (x86)\360\360safe\liveupdate360.exe |
"{9BBD284B-3EA5-45DF-950A-F3FFC06F11AF}" = protocol=6 | dir=in | app=d:\program files (x86)\thunder network\xmp\program\xmp.exe |
"{9EB7A109-A096-4C61-868F-B55D81B7D7C0}" = protocol=17 | dir=in | app=d:\program files (x86)\garenafo3\gamedata\apps\fo3\fifazf.exe |
"{AB0E1715-2290-48F5-8FEE-ABA7A67BF25A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{AC959958-512B-46AF-B77F-249FE78C5509}" = dir=in | app=d:\pps.tv\ppstream\ppskernel.exe |
"{AF71F18E-FC3C-48B7-A7CC-F89C29D353BE}" = protocol=17 | dir=in | app=c:\program files (x86)\360\360safe\netmon\360speedtest.exe |
"{B7FA414B-CD6F-47DB-919C-372991B0D008}" = protocol=6 | dir=in | app=c:\users\saw8388\appdata\roaming\.minecraft\minecraft launcher\minecraft launcher.exe |
"{BB4B038A-AC9B-4F5D-80BF-3D5E6D3F3F00}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.221_1111\thunderliveud.exe |
"{BE3D91FE-C5B0-4226-B106-EAE3831F731E}" = protocol=6 | dir=in | app=d:\program files (x86)\garenahon\gamedata\apps\hon\hon.exe |
"{BE7F29CA-73DF-4A8B-854D-262C41B1A939}" = protocol=17 | dir=in | app=d:\tddownload\inst.exe |
"{BEE6998C-6E94-4199-BD76-9D4875260381}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.221_1111\xlbugreport.exe |
"{C174D995-F8D6-49EE-BB23-90EC8DE68C4E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe |
"{C17FA746-EE45-45A6-91A1-180381F0DC08}" = protocol=6 | dir=in | app=c:\users\saw8388\garena plus\garenamessenger.exe |
"{C41FD989-32FF-4A49-8DB2-C4DBFD09578E}" = protocol=6 | dir=in | app=d:\program files (x86)\thunder network\thunder\program\thunder.exe |
"{CA0258CA-BDE8-4BD9-8065-CDB41C77A7E5}" = protocol=17 | dir=in | app=d:\program files (x86)\thunder network\thunder\netmon\net_monitor_i.exe |
"{CB311540-10BD-416F-BE2C-9467D29E14F4}" = protocol=6 | dir=in | app=d:\game\warcraft iii\war3.exe |
"{CDB7FCB1-B3F2-4D1F-A807-2B67E99B1DA3}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{D3B9DF42-1F2D-455D-8A76-95BA73F36D6E}" = protocol=17 | dir=in | app=d:\program files (x86)\thunder network\xmp\program\xmp.exe |
"{D7800EB8-6B94-4E79-A801-D022612E8E5D}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{D929DC06-C5E0-4EFA-A78B-5B93CAC94748}" = protocol=6 | dir=in | app=c:\program files (x86)\360\360safe\liveupdate360.exe |
"{DEE57796-747E-49C1-8BE9-56ED1878934B}" = protocol=6 | dir=in | app=d:\program files (x86)\funshion online\funshion\funshionservice.exe |
"{DFA45672-ADDB-4243-A713-91861C9D688A}" = protocol=6 | dir=in | app=d:\program files (x86)\thunder network\thunder\lanspeedviewer\lsp_check.exe |
"{DFBCE672-2E2D-48C3-BAEB-8F9920AFCAC8}" = protocol=6 | dir=in | app=d:\program files (x86)\garenafo3\gamedata\apps\fo3\fifazf.exe |
"{E0D5248F-81B3-456F-8F7C-222B2D5081C3}" = protocol=6 | dir=in | app=c:\garenadownload\games\fo3\fo3installer.exe |
"{E1545164-B16C-41EC-A4A7-68D2A80BF738}" = protocol=6 | dir=in | app=c:\program files (x86)\360\360safe\safemon\360tray.exe |
"{E262152C-D2CF-4A45-B84D-B7160F634B2F}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{E2B78D5F-91EE-428C-B3FA-645AD0B58ECF}" = protocol=17 | dir=in | app=d:\program files (x86)\garenahon\gamedata\apps\hon\hon.exe |
"{E7EA9B3B-4ED1-411B-8552-807AD4C4AD1A}" = protocol=6 | dir=in | app=c:\program files (x86)\youku\youkuclient\youkumediacenter.exe |
"{E8ECBA81-B92F-4C42-99D6-A04945B049DF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{ED19C551-A8A9-4849-B586-67C4CCBBD29E}" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe |
"{F0FECA76-531E-46E5-943E-9C478F4356E4}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.221_1111\thunderplatform.exe |
"{F8CD92D5-C7D9-4D59-905E-480BB87AD867}" = protocol=17 | dir=in | app=d:\program files (x86)\funshion online\funshion\funshionservice.exe |
"{FAA4AF7D-77C9-4D08-8CE4-D2985D8471CD}" = protocol=17 | dir=in | app=c:\program files (x86)\youku\youkuclient\youkumediacenter.exe |
"{FB525A41-AF01-48EC-BA37-39FED0C766FB}" = protocol=6 | dir=in | app=c:\cherrydegames\dragon nest\dragonnest.exe |
"{FBC7E118-C495-4B1D-A2AA-907428477C81}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.221_1111\thunderliveud.exe |
"{FD979DAD-CE90-4632-80CE-15EAE73EDA2F}" = protocol=17 | dir=in | app=c:\program files (x86)\360\360safe\safemon\360tray.exe |
"TCP Query User{1B0C556F-ECA3-4B54-ADA3-7E37BC83956C}C:\users\saw8388\garena plus\bbtalk\bbtalk.exe" = protocol=6 | dir=in | app=c:\users\saw8388\garena plus\bbtalk\bbtalk.exe |
"TCP Query User{26248358-A594-4CF7-A130-17B210C3F4C7}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{504E23CF-EA0A-48D4-8C07-B3CEE927259E}D:\game\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\game\warcraft iii\war3.exe |
"TCP Query User{516657B7-F87C-41C1-9F74-123C7AD558A5}D:\program files (x86)\garenahon\gamedata\apps\hon\hon.exe" = protocol=6 | dir=in | app=d:\program files (x86)\garenahon\gamedata\apps\hon\hon.exe |
"TCP Query User{5D8F3CBC-055C-4A70-831B-BE0D09D0602C}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{77178757-BD05-4E21-BF6E-A8C1626969B1}C:\garenadownload\games\hon\honinstaller.exe" = protocol=6 | dir=in | app=c:\garenadownload\games\hon\honinstaller.exe |
"TCP Query User{7F871B4E-BA7E-4FB0-B85A-68715266CC9E}C:\program files (x86)\expressfiles\expressdl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"TCP Query User{825FF1A0-C2D5-49B3-B646-458E6FF07E3C}C:\program files (x86)\bluetooth suite\btvstack.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe |
"TCP Query User{A3662777-A7EB-4D31-A1D4-9BB3C839B801}D:\pps.tv\ppstream\ppskernel.exe" = protocol=6 | dir=in | app=d:\pps.tv\ppstream\ppskernel.exe |
"TCP Query User{A555D9CE-F082-43A3-864E-43AB9C791728}D:\program files (x86)\thunder network\thunder\program\thunder.exe" = protocol=6 | dir=in | app=d:\program files (x86)\thunder network\thunder\program\thunder.exe |
"TCP Query User{AE7D4BDE-7A0E-4646-BF0F-ABB19EF836EC}C:\users\saw8388\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\saw8388\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{BC475B61-D1C8-4122-B9E5-E62AC8340435}C:\program files (x86)\tools\qvod_online.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tools\qvod_online.exe |
"TCP Query User{C80957F9-6F3B-42EC-B694-116687F8B962}C:\program files (x86)\bluetooth suite\bttray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bluetooth suite\bttray.exe |
"TCP Query User{D59B7840-575D-4A10-8E73-6EED3AC709EA}C:\users\saw8388\garena plus\garenamessenger.exe" = protocol=6 | dir=in | app=c:\users\saw8388\garena plus\garenamessenger.exe |
"TCP Query User{E2B62F70-2FE7-4EEE-BCE7-425EEF298B7A}C:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.186_1111\thunderplatform.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.186_1111\thunderplatform.exe |
"TCP Query User{EFFC2001-1560-4074-9117-5724AD2903FE}C:\program files (x86)\youku\youkuclient\youkumediacenter.exe" = protocol=6 | dir=in | app=c:\program files (x86)\youku\youkuclient\youkumediacenter.exe |
"TCP Query User{F392773A-C1E7-4A85-8ADB-C32C097BA754}D:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=d:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{05AFE31A-3304-49DE-873C-0B6C2AAF05A6}C:\program files (x86)\tools\qvod_online.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tools\qvod_online.exe |
"UDP Query User{0C985306-7EDD-4BE8-9E90-D20AC99A17BB}D:\program files (x86)\garenahon\gamedata\apps\hon\hon.exe" = protocol=17 | dir=in | app=d:\program files (x86)\garenahon\gamedata\apps\hon\hon.exe |
"UDP Query User{118162DB-8C18-48F9-AAE6-4FB8E8B6B55F}C:\program files (x86)\youku\youkuclient\youkumediacenter.exe" = protocol=17 | dir=in | app=c:\program files (x86)\youku\youkuclient\youkumediacenter.exe |
"UDP Query User{1260F89D-E63C-47BE-8CD6-1AE0276C3958}C:\program files (x86)\bluetooth suite\btvstack.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bluetooth suite\btvstack.exe |
"UDP Query User{15D578A7-B693-41F0-804F-8717F93362B4}C:\garenadownload\games\hon\honinstaller.exe" = protocol=17 | dir=in | app=c:\garenadownload\games\hon\honinstaller.exe |
"UDP Query User{370774C8-1179-4EE9-8F74-A4843A894873}D:\program files (x86)\thunder network\thunder\program\thunder.exe" = protocol=17 | dir=in | app=d:\program files (x86)\thunder network\thunder\program\thunder.exe |
"UDP Query User{51D2BD5B-53CC-4D1E-8EB3-0DE218EC22A6}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"UDP Query User{5430748A-9648-4C89-A988-B40A353BA229}C:\users\saw8388\garena plus\garenamessenger.exe" = protocol=17 | dir=in | app=c:\users\saw8388\garena plus\garenamessenger.exe |
"UDP Query User{6758DC5A-B980-484D-8999-CC47E861821E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{7113BB2C-8BF6-4E5F-9A41-10A0F3B845C9}C:\users\saw8388\garena plus\bbtalk\bbtalk.exe" = protocol=17 | dir=in | app=c:\users\saw8388\garena plus\bbtalk\bbtalk.exe |
"UDP Query User{79D9DE6C-1668-43D1-B023-52B2E045D8A8}D:\game\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\game\warcraft iii\war3.exe |
"UDP Query User{817FA91C-F94D-4618-9193-64C875934340}D:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=d:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{882AE498-9959-4F07-993C-88B18B8240F8}D:\pps.tv\ppstream\ppskernel.exe" = protocol=17 | dir=in | app=d:\pps.tv\ppstream\ppskernel.exe |
"UDP Query User{941CC4B0-3F98-4AB2-B8B9-DEE62C074D87}C:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.186_1111\thunderplatform.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.186_1111\thunderplatform.exe |
"UDP Query User{CA22363F-244D-4604-9909-220FB2BCD399}C:\program files (x86)\bluetooth suite\bttray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bluetooth suite\bttray.exe |
"UDP Query User{E475BDFF-93CF-4D8D-AC9E-4EF1AD8FBB0B}C:\program files (x86)\expressfiles\expressdl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"UDP Query User{F55CFC27-8280-46D1-9D61-E716B6239786}C:\users\saw8388\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\saw8388\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4CC3444D-7279-4E83-984F-18E9A7B2E803}" = Oracle VM VirtualBox 4.2.16
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CD09642E-061D-4844-BA37-ED1480916404}" = SpyHunter
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F7274D82-C857-4C20-AB1A-D701D64BFD90}" = ESET Smart Security
"A-WIN-Extras 8.0.1 2063897_is1" = Mathematica Extras 8.0 (2063897)
"C01F56FBD9B141017E63E2A1A141E59934D4DC67" = Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148)
"CCleaner" = CCleaner
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.21
"KMSpico v4.5_is1" = KMSpico 4.5
"Recuva" = Recuva
"Sandboxie" = Sandboxie 3.74 (64-bit)
"WinRAR archiver" = WinRAR 5.00 beta 8 (64-bit)
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A714FFD-F6FF-4A7B-9834-3C88580F4C02}" = Alcor Micro USB Card Reader
"{0C1B3A6B-B467-474D-97E4-D8BAC3E839CD}" = YTD Toolbar v7.0
"{14F84065-1316-42C6-B619-1FE1880050E0}" = Xirrus Wi-Fi Inspector
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.5.1
"{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"{246B4AFF-6540-4B72-93E8-B9EB86D37589}" = ASUS N Series Demo
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3566D7DB-EA10-49DE-A95B-F4AB41FC0A93}" = Dragon Nest SEA
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Showtime
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = The Sims™ 3 Seasons
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4CFCC6FD-AEA2-4208-99A6-45CBF9DFFD82}" = Real Environment Xtreme
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{52A6288A-8F0C-488A-A834-718D30E8B150}_is1" = Aircraft Editor version 1.0.2.0
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Town Life Stuff
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed™ Hot Pursuit
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C8C169B-D493-42C7-A975-7C1E0E4C5847}" = PocketCloud Windows Companion
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DDD9A95-43C2-420F-B188-A1A62B202201}" = Addit! Pro For Flight Simulator X
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99A016E1-0840-43AE-8434-A18CEDFA833B}" = LogMeIn Hamachi
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel® Manageability Engine Firmware Recovery Agent
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural
"{B78049C2-7495-42CC-92B5-C752F7D6636C}_is1" = SuddenAttackSEA version v39.00
"{B789FA51-6A71-408F-92DE-EDE4A517B8F9}_is1" = RAR Password Unlocker 4.2.0.0
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C8A37C0F-A84E-4F54-8567-0D6CDA5C360B}" = XLNation User Interface Mod
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{D97A1B80-131F-4692-9543-E652956D8B99}" = ASUS Instant Key
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E362724E-9320-4946-AF34-874E7B6B2927}" = System Requirements Lab CYRI
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{EC29C7B3-3C09-4ABB-94BC-D559510547AB}" = LongoMatch Video Analysis (x86)
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EDBE26EE-6FD1-6E94-D066-9460B9C17194}" = Desktop iPhone
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite DCP-J315W
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"360SD" = 360杀毒
"360云盘(网盘版)" = 360云盘
"360安全卫士" = 360安全卫士
"360手机助手" = 360手机助手
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AmUStor" = Alcor Micro USB Card Reader
"Any Video Converter Ultimate_is1" = Any Video Converter Ultimate 4.5.7
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage Sync Agent
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Cain & Abel 4.9.46" = Cain & Abel 4.9.46
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"Cities XL 2012" = Cities XL 2012
"Counter-Strike 1.6" = Counter-Strike 1.6
"Crystal Player" = Crystal Player Professional 1.98
"DAEMON Tools Pro" = DAEMON Tools Pro
"Dll-Files Fixer_is1" = Dll-Files Fixer
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"File Recover_is1" = PC Tools File Recover 9.0
"FO3" = Garena - FIFA ONLINE 3(English)
"Foldit" = Foldit
"Fraps" = Fraps
"Funshion" = Funshion
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"GridinSoft Trojan Killer" = Trojan Killer
"Ground Environment X Atlantic and Pacific Tropics1.0" = Ground Environment X Atlantic and Pacific Tropics
"HoN" = Garena - Heroes of Newerth
"iCare Data Recovery Professional_is1" = iCare Data Recovery Professional 5.0
"iFunbox_is1" = iFunbox (v2.1.2228.731), iFunbox DevTeam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"Internet Download Manager" = Internet Download Manager
"iPhone.F4B6EDD4861104DF103CA831FC6755522BBBD9C1.1" = Desktop iPhone
"LogMeIn Hamachi" = LogMeIn Hamachi
"Ludashi_is1" = 鲁大师
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Minecraft 1.6.2" = Minecraft 1.6.2
"Minecraft 1.6.2 1.00" = Minecraft 1.6.2 1.00
"Minecraft Beta Cracked" = Minecraft Beta Cracked
"Minecraft1.5.1" = Minecraft1.5.1
"Minecraft1.6.2" = Minecraft1.6.2
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"photoFXlab" = photoFXlab
"PPSGame" = PPSGame V1.2.2.4
"PPStream" = PPStream V3.1.0.1081 Final
"RAR Password Cracker" = RAR Password Cracker 4.12
"RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.195
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"Steam App 570" = Dota 2
"TeamViewer 8" = TeamViewer 8
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"Thunder BHO Platform" = Thunder BHO Platform 2.2.0.1087
"thunder_is1" = ѸÀ×7
"Topaz Adjust 5" = Topaz Adjust 5
"Topaz BW Effects 2" = Topaz B&W Effects
"Topaz Clean 3" = Topaz Clean 3
"Topaz DeNoise 5" = Topaz DeNoise 5
"Topaz Detail 3" = Topaz Detail 3
"Topaz Fusion Express 2" = Topaz Fusion Express 2
"Topaz Fusion Express 2 (64-bit)" = Topaz Fusion Express 2 (64-bit)
"Topaz InFocus" = Topaz InFocus
"Topaz Lens Effects" = Topaz Lens Effects
"Topaz ReMask 3" = Topaz ReMask 3
"Topaz Star Effects" = Topaz Star Effects
"TubEmAll Pro" = TubEmAll Pro 1.4c
"Undelete 360_is1" = Undelete 360
"VISPRO" = Microsoft Office Visio Professional 2007
"VMware_Player" = VMware Player
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.3
"YoukuClient" = ÓÅ¿á¿Í»§¶Ë
"YouWave" = YouWave for Android
"迅雷看看播放器" = 迅雷看看播放器
"迅雷看看高清播放组件" = 迅雷看看高清播放组件

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"SkyDriveSetup.exe" = Microsoft SkyDrive
"UnityWebPlayer" = Unity Web Player
"有道词典" = 有道词典

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/11/2013 8:55:47 PM | Computer Name = Saw | Source = Application Error | ID = 1000
Description = Faulting application name: ComputerZ_CN.exe, version: 3.58.13.1024,
time stamp: 0x2a425e19 Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451,
time stamp: 0x50988950 Exception code: 0x0eedfade Fault offset: 0x00014b32 Faulting
process id: 0x1d94 Faulting application start time: 0x01ce96efab4f67ba Faulting application
path: C:\Program Files (x86)\Ludashi\ComputerZ_CN.exe Faulting module path: C:\Windows\SYSTEM32\KERNELBASE.dll
Report
Id: ec382d1b-02e9-11e3-bec7-3085a929fe68 Faulting package full name: Faulting package-relative
application ID:

Error - 8/12/2013 2:32:46 AM | Computer Name = Saw | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line
arguments: RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c04ed6bf-55c8-4b47-9f8e-5a1f31ceee60;NotificationInterval=1440;Trigger=NetworkAvailable

Error - 8/12/2013 4:26:37 AM | Computer Name = Saw | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel
failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log
for additional information.

Error - 8/12/2013 4:27:08 AM | Computer Name = Saw | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line
arguments: RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c04ed6bf-55c8-4b47-9f8e-5a1f31ceee60;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error - 8/12/2013 4:27:09 AM | Computer Name = Saw | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line
arguments: RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c04ed6bf-55c8-4b47-9f8e-5a1f31ceee60;NotificationInterval=1440;Trigger=NetworkAvailable

Error - 8/12/2013 4:30:08 AM | Computer Name = Saw | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line
arguments: RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c04ed6bf-55c8-4b47-9f8e-5a1f31ceee60;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error - 8/12/2013 4:30:17 AM | Computer Name = Saw | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line
arguments: RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c04ed6bf-55c8-4b47-9f8e-5a1f31ceee60;NotificationInterval=1440;Trigger=NetworkAvailable

Error - 8/12/2013 10:17:10 AM | Computer Name = Saw | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line
arguments: RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c04ed6bf-55c8-4b47-9f8e-5a1f31ceee60;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error - 8/12/2013 10:17:20 AM | Computer Name = Saw | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line
arguments: RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c04ed6bf-55c8-4b47-9f8e-5a1f31ceee60;NotificationInterval=1440;Trigger=NetworkAvailable

Error - 8/12/2013 9:19:29 PM | Computer Name = Saw | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line
arguments: RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c04ed6bf-55c8-4b47-9f8e-5a1f31ceee60;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error - 8/12/2013 9:19:38 PM | Computer Name = Saw | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line
arguments: RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c04ed6bf-55c8-4b47-9f8e-5a1f31ceee60;NotificationInterval=1440;Trigger=NetworkAvailable


< End of report >


[ mbabm report ]

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.02.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16721
Saw8388 :: SAW [administrator]

Protection: Enabled

11/2/2013 11:07:10 PM
mbam-log-2013-11-02 (23-07-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236130
Time elapsed: 4 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Program Files (x86)\360\360safe\360LEAKFIXPLUGIN.DLL (Trojan.Agent) -> Delete on reboot.

Registry Keys Detected: 11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B43CB3B0-4784-E963-BE55-7FBE19540B25} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E99E755E-ADA9-CB67-81FA-99E8D670DEB7} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B282DB14-A2CB-3EC9-DDE0-2ACE773696F5} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{307BAC8D-8E13-2A20-213D-3007558A1918} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
HKCR\fsp (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Funshion Task (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\thunder (Trojan.Agent) -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funshion (PUP.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{97DDF214-9B68-4CAF-8F6F-4B4112912349} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Interface\{162CC9EB-F1CE-4CED-84CE-F80AA5DD8130} (PUP.Funshion) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Funshion (PUP.Funshion) -> Data: "D:\Program Files (x86)\Funshion Online\Funshion\Funshion.exe" startbywindows tray -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Funshion (PUP.Funshion) -> Data: "D:\Program Files (x86)\Funshion Online\Funshion\funshion.exe" startbywindows tray -> Quarantined and deleted successfully.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {C99B12F4-36F4-11E2-BE78-DC85DE36EC72} -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 41
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\Baiduflash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\BAIDUFLASH\subflash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\Cacheflash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashStamp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\playhome (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\control (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\funshionDoctor (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\Tools_skin (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\funshiontools (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\ffextension (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\FFEXTENSION\{D119EDE5-84F2-4204-927D-D8811DC193B9} (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\FFEXTENSION\{D119EDE5-84F2-4204-927D-D8811DC193B9}\chrome (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\FFEXTENSION\{D119EDE5-84F2-4204-927D-D8811DC193B9}\components (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\FunshionSync (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\historyTorrent (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\Seed (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\serv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\Shortcut (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\update (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\Baiduflash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\BAIDUFLASH\subflash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\cacheflash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashStamp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\playhome (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\funshionDoctor (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\Tools_skin (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\funshionTools (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONTOOLS\FunshionSync (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\historyTorrent (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\update (PUP.Funshion) -> Quarantined and deleted successfully.

Files Detected: 295
C:\Program Files (x86)\360\360safe\360LEAKFIXPLUGIN.DLL (Trojan.Agent) -> Delete on reboot.
D:\PROGRAM FILES (X86)\FUNSHION ONLINE\Funshion\Funshion.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{86F65687-1840-4218-A0F3-50625D157471}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{86F65687-1840-4218-A0F3-50625D157471}\TsuDll.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{98287573-4F35-487D-AA96-071743CB5785}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{98287573-4F35-487D-AA96-071743CB5785}\TsuDll.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{C085CF73-8368-4A91-A87A-CB4A1B66ED85}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{C085CF73-8368-4A91-A87A-CB4A1B66ED85}\TsuDll.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{C6CC3911-12E8-4921-ABCA-5ACA1D2F1BE7}\Custom.dll (Trojan.MSIL.Injector) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{C6CC3911-12E8-4921-ABCA-5ACA1D2F1BE7}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{C6CC3911-12E8-4921-ABCA-5ACA1D2F1BE7}\TsuDll.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\ComputerZ.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\ComputerZ_x64.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Saw8388\Downloads\NFSW_hack.zip (Trojan.Agent.CPL) -> Quarantined and deleted successfully.
C:\Windows\Installer\4b308d.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Windows\Installer\4b3092.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Windows\Installer\4b3097.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Windows\Installer\4b309c.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Saw8388\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Funshion.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Funshion.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\FunShion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Funshion Use Help.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Funshion.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\FunshionDoctor.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Uninstall Funshion.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\Update History.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\bbinfo.txt (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\favorites.fav (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\install.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\platFormGuid.txt (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\CACHEFLASH\donghuanew_18.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flash\DC996574_2866_7E4D_83BF_B1977BBD144B.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\129425625.date1369791158.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\129439984.date1369791158.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\129458328.date1369791158.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\129473703.date1369791158.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130201100406-11185805.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130201164259-19201471.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130311162226-15600100.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130312173716-9610743.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130318145916-18354135.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130320154958-11988375.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130321113036-264001.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130322172040-3873839.date1370249683.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130329180210-11673237.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130412102413-19991799.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130422172240-19947271.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130426180310-13410679.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130503164224-635719.date1370249683.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130508165605-15798533.date1370249683.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130510134426-7229321.date1370249684.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130513150244-19879897.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130516120601-3577021.date1370249684.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130517155529-8326231.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130520134812-1564331.date1369791158.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130524143408-9007649.date1370249684.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130528185126-2886533.date1370249684.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130530194617-377136.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130530195722-10047284.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130531164407-285796.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130531164900-9500743.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130607180341-7219937.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130607181115-16361822.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130608160152-1765086.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130609094945-13802391.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130609133540-19752432.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130613111207-10530177.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130613151702-9922755.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130613173942-7200075.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130701145622-16104654.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130705153330-6867862.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130716103038-11026092.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\20130717175152-7813152.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\217526062.date1370249684.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\217528937.date1370249684.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\217532718.date1370249684.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\217535875.date1370249684.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\217538437.date1370249684.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\2464937.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\2466546.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\2468906.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\2476031.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\2478046.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\2490968.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\41840125.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\41846421.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\536377546.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\536395000.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\536409921.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\536447437.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\536451578.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\536454593.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\60655671.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\60657078.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\60682296.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\60735453.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\82604703.date1369703084.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\82639203.date1369703084.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\82743468.date1369703084.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\82764515.date1369703084.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\flashNew\DFE6BA7B_A1EA_8EE0_E2AC_0887300C3EF2.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\cache\playhome\CDC31C17_EDDD_5D25_B71A_0C33B6C566A4.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\control\1369656148_1369656148_164133_macross_1369287186_388.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\control\1369656148_1369656148_164133_macross_1369287186_388.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\control\1372677561_1372677561_41956_macross_1370401750_285.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\control\1372677561_1372677561_41956_macross_1370401750_285.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\DiagnosticConfig.xml (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\FunshionDoctor.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TmpFile.zip (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\BmpDetect.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\bmpdetection.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\bmpexception.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\bmpNormal.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\bmpOK.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\CaptionCloseBtn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\CaptionMinBtn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\feedbackbtnbk.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\forumhelpbtnbk.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\funshionmark.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\gifChecking.gif (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\gifRepairing.gif (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\gifScanning.gif (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\ignorebtnbk.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\ProblemHelpBtnBk.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\problemtabbk.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\ProgressBarBK.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\ProgressBarFG.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\question.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\recheck.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\repairBtnBk.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\ReRepairBtnBk.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\RestoreBtnBK.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\ScrollBarDownArrowOption.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\ScrollBarUpArrowOption.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\ScrollBarVerBkgndOption.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\ScrollBarVerWidgetBkgndOption.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\ScrollBarVerWidgetHeadOption.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\ScrollBarVerWidgetMidOption.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\ScrollBarVerWidgetTrailOption.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\1383028681.funshion.ff (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\Cymric.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\DangerAppInfo.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\DwelfDll.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\DwelfDllnew.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\DwelfDlltest.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\ffext.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\FSPAP.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\FunctionDll.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\FuniOSLoader.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\FuniOSSync_mt.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\FunLoader.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\Funshion.ipa (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\Funshion405184.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\FunshionHelper.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\funshionLaunch.lua (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\FunshionSvr.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\funshiontools.zip (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\gma.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\installedappinfo.daw (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\iOSConfig.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\launcher.log (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\Linfo.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\LoadIE.log (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\LuaConfig.txt (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\LuaInterface_mt.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\Midnight.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\npFunshion.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\timeaction.daw (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\timeactionres.daw (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\FFEXTENSION\{D119EDE5-84F2-4204-927D-D8811DC193B9}\chrome.manifest (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\FFEXTENSION\{D119EDE5-84F2-4204-927D-D8811DC193B9}\install.rdf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\FFEXTENSION\{D119EDE5-84F2-4204-927D-D8811DC193B9}\chrome\funshion.jar (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\FFEXTENSION\{D119EDE5-84F2-4204-927D-D8811DC193B9}\COMPONENTS\FunBhoFirefox.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\FUNSHIONSYNC\aapt.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\FUNSHIONSYNC\adb.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\FUNSHIONSYNC\AdbWinApi.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\FUNSHIONSYNC\AdbWinUsbApi.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\FUNSHIONSYNC\fsadb.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\FUNSHIONSYNC\Funshionaphone.apk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\FUNSHIONSYNC\FunshionSync.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\FUNSHIONSYNC\LaunchThirdPartyApp.apk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\FUNSHIONSYNC\pcManager.apk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\FUNSHIONTOOLS\FUNSHIONSYNC\Sync.zip (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\ini\httpfile.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\ini\temp_config.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\Shortcut\FunShortcut.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\update\adConfig.xml (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\update\adConfig.xml.bak (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\update\adMaterialsTable1.xml (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\update\Funshion Game.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\update\minisite.json (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\update\popwind.json (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\update\Shopping Sites.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\update\textAdLink.xml (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\update\textMiniAdLink.xml (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\Saw8388\funshion\update\updatexmlfile.txt (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\bbinfo.txt (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\platFormGuid.txt (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flash\DC996574_2866_7E4D_83BF_B1977BBD144B.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\1066140.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\173801234.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\173845437.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\17518703.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\17523015.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\17532781.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\17555750.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\175950890.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\175961687.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\175973734.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\180135687.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\180161437.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\20130201100406-11185805.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\20130201164259-19201471.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\20130311162226-15600100.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\20130312173716-9610743.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\20130318145916-18354135.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\20130320154958-11988375.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\20130321113036-264001.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\20130329180210-11673237.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\20130412102413-19991799.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\20130422172240-19947271.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\20130426180310-13410679.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\20130508165605-15798533.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\20130513150244-19879897.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\20130517155529-8326231.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\20130531164407-285796.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\20130531164900-9500743.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\20130607180341-7219937.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\20130608162451-5454169.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\20130609094945-13802391.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\20130716103038-11026092.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\20130731135654-11650397.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\20130814105143-1105548.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\262906265.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\262909609.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\262915546.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\262951140.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\flashNew\DFE6BA7B_A1EA_8EE0_E2AC_0887300C3EF2.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\cache\playhome\CDC31C17_EDDD_5D25_B71A_0C33B6C566A4.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\DiagnosticConfig.xml (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\FunshionDoctor.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TmpFile.zip (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\BmpDetect.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\bmpdetection.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\bmpexception.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\bmpNormal.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\bmpOK.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\CaptionCloseBtn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\CaptionMinBtn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\feedbackbtnbk.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\forumhelpbtnbk.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\funshionmark.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\gifChecking.gif (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\gifRepairing.gif (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\gifScanning.gif (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\ignorebtnbk.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\ProblemHelpBtnBk.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\problemtabbk.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\ProgressBarBK.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\ProgressBarFG.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\question.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\recheck.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\repairBtnBk.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\ReRepairBtnBk.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\RestoreBtnBK.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\ScrollBarDownArrowOption.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\ScrollBarUpArrowOption.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\ScrollBarVerBkgndOption.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\ScrollBarVerWidgetBkgndOption.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\ScrollBarVerWidgetHeadOption.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\ScrollBarVerWidgetMidOption.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONDOCTOR\TOOLS_SKIN\ScrollBarVerWidgetTrailOption.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONTOOLS\asml.json (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONTOOLS\Funshion237272.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONTOOLS\Funshion238032.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONTOOLS\Funshion405184.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONTOOLS\Funshion508560.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONTOOLS\FunshionHelper.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONTOOLS\funshionLaunch.lua (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONTOOLS\gma.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONTOOLS\launcher.log (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\FUNSHIONTOOLS\LuaConfig.txt (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\ini\httpfile.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\ini\temp_config.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\update\adConfig.xml (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\update\adConfig.xml.bak (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\update\adMaterialsTable1.xml (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\update\minisite.json (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\update\popwind.json (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\update\textAdLink.xml (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\update\textMiniAdLink.xml (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\funshion\update\updatexmlfile.txt (PUP.Funshion) -> Quarantined and deleted successfully.

(end)

Edited by saw8388, 02 November 2013 - 09:14 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP